The Rise of Cybercrime-as-a-Service

by Orlando Scott-Cowley - Cyber Security Specialist

It’s long been said that when botnets first appeared, they were the first usable forms of cloud computing. Now with hindsight they fit the NIST definition of cloud computing very well and have become rapidly scalable and on-demand.

More recently, criminal malware has come to resemble enterprise-grade software throughout its entire lifecycle. It’s not unusual to find that your rental of a botnet now comes with 24x7 support and channel reseller margins. Spanning exploit kit sales, botnet rentals, and the use of enterprise-grade cloud technology, Crime-as-a-Service (CaaS) has become part of the latest breed of XaaS, offering the same benefits of cost and complexity reduction as well as lower barriers to entry. Using CaaS gives anyone an instant criminal business model in the cloud.


CaaS has been given much publicity since the 2014 Internet Organized Crime Threat Assessment (iOCTA) report from Europol described the commercialization and availability of the technology and how it’s impacting legitimate enterprises in real time.

The rise of CaaS is another step on the roadmap of the crimeware that has been instrumental in many of the most recent attacks, where Zeus and its variants like Citadel and Gameover have led to significant loss of data. What we know today is that CaaS is starting to have its own marketplace, run by well-organized criminal mega-gangs; support contracts for purchasers are not uncommon, nor are healthcare and pension plans for employees.

This threat takes how we think about our own protection to a new level. The high-profile breaches of the last twelve months all managed to evade well-known or best-of-breed corporate defenses, so it’s no surprise that enterprise IT managers and CIOs are starting to lose sleep about their next big breach. In many cases, this fear is born out of a realization that platforms like CaaS have rapidly become more advanced than the protections they have within their own environments.

Targeted Threat Protection is once again at the top of the agenda for C-level managers, as well as for those who deploy and run the technology. The sophistication of the attacks means we can no longer sit back and wait for our protection to do its job. We all need to become much more actively defensive – not offensive, but active in our defenses.


As many began to return home from its Worldwide Partner Conference this week, Microsoft confirmed an outage of Office 365 email.

According to Microsoft Support, it appears that affected users were unable to connect to the Exchange Online service, including Outlook, Outlook Web App (OWA), Exchange ActiveSync (EAS), and Exchange Web Services (EWS). Many users also experienced delays when sending and receiving messages.

Certainly Office 365 is not the only service to suffer like this – outages happen, but the reason why Office 365 outages grab widespread attention is because of its increasing popularity and the business critical nature of services it provides.

For many businesses, email is their most critical IT workload. Email is also highly valued by employees. Tolerance for email downtime is almost zero as it costs money, damages reputations and cripples business operations. In short, we all need it to work and to work all the time.

For years IT teams have built disaster recovery plans and systems predicated on the belief that IT fails and you always need a plan B. Nothing changes in a cloud first world. Cloud services clearly fail and if you don’t have an independent continuity service, your email will be down until Office 365 gets it back up again. And you can’t control when that will happen. One hour. Five hours. Days.

So take a leaf out of the on-premises risk management handbook. Make Office 365 safer with the addition of an independent third-party continuity service.

Office 365 will continue to have service outages. Sometimes these will be very disruptive because they affect an entire region. Other occasions may only see some customers or group of employees affected. But outages do and will happen. It’s irrational to expect them not to happen.

Many of us now live in a cloud-first world. So the question to ask ourselves is – what will happen to me when Office 365 goes offline? Do I have a plan B?

For all its strengths, if you rely 100% on Office 365 for your email you are asking for trouble. It’s just a matter of time.

Find out more about how we can help keep your business running during an Office 365 outage here.


Yesterday, we announced two new measures designed to protect against spear-phishing. Attachment Protect and User Awareness reduce the threat from malware-laden attachments, and help IT teams raise employee security awareness.

Both services are available as part of Mimecast Targeted Threat Protection, which now gives customers a comprehensive defense against the key technical and human risks from spear-phishing.

Spear-phishing attacks are a rapidly growing and evolving threat that needs a new generation of services to protect organizations.

Initially, it was about stopping URL links to malicious websites. But now the threat has moved on to weaponized attachments. So sandboxing has become a critical technical defense. Here attachments are tested in a safe environment before they can be delivered to the recipient. But sandboxing does have its limitations. It delays emails, which is frustrating and impacts employee productivity. It’s typically expensive to provide pre-emptive sandboxing, meaning organizations often limit who they protect to keep costs under control. That’s not good enough. As attacks using weaponized attachments become more commonplace and can be targeted at any employee, this puts organizations at risk if they are limiting this critical protection.

Our approach is different. We make it cost effective and easier to protect the whole organization.

Mimecast Targeted Threat Protection – Attachment Protect combines traditional pre-emptive sandboxing for those who want it with a transcription service that automatically gives all employees a safe and threat-less email attachment instantly. It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe transcribed versions – neutralizing any malicious code. Most employees only need to view attachments, so no further action is needed. If employees need to edit a file, a link in the email can be used to request the original file on-demand via our cloud-based sandboxing service.

However, technology is only part of the defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. We need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

The problem is traditional IT training is ineffective, time-consuming and ultimately unable to keep up with advanced security threats that change all the time.

Now, in addition to link rewriting, URL Protect includes innovative dynamic user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This gives them more information on the email and destination, prompting them to consider whether the page is safe. If they choose to continue, their opinion is logged, and URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders who click bad links will get more frequent prompts automatically until their behavior changes.

A comprehensive security strategy requires not just technology defenses but also employee education. You need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

If you’d like more information about these new services, please register for the Targeted Threat Protection Webinar or let us show you a demo. Also, please leave a comment on this post if you have any questions – thanks!


The word “Partnership” is described as an agreement to cooperate and advance mutual interests. It’s a simple term but one that is often overused, and in most cases, unbalanced. As we grow up and mature into our business lives, having trust in individuals and organizations has helped shape our thinking, personalities and reactions. It’s the level of confidence you place in others that drives the development of a true partnership.

For example, Mimecast is in a partnership with HP, and this week, we see the start of HP Discover in Las Vegas. Every attendee at this show will be in a partnership with HP in some form – a supplier, a task facilitator, or an extension to their existing IT team. The reason Mimecast chooses to work with HP is to assist our joint customers.

If this sounds like a sales pitch, remember that I don’t work for HP, but I do understand the genuine value they bring as a partner.

The HP-Mimecast partnership is evolving with the market opportunity – for example, you might think that your email is working just fine on that old Windows Server 2003. But you know that Microsoft will no longer be supporting this after July. So now is a crucial time for IT teams to decide which vendors to partner with to make a change. Whether your final destination is Microsoft Exchange 2013 or Office 365, HP is there to guide you through the process, and is best partnered with Mimecast’s 100 percent uptime SLA on email availability and security to protect your company’s essential communication stream.

Regardless of where you are on your journey, we hope you can drop by Mimecast booth #3533 at HP Discover to find out how we can help reduce your risk and support you when migrating to Office 365 or Exchange, and to see how we’re working together with HP as true partners.